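Техническая информация
Подзаголовки разделов в этом списке не сохранились. По виду записей это: изменение реестра (команда открытия, запускающая Rundll32.exe с cdmi.ydc), командные строки запускаемых процессов, пути к файлам в %WINDIR%, %TEMP% и %PROGRAM_FILES%, сетевые адреса с портами и классы окон. Пути во временных каталогах %TEMP%\is-….tmp перечислены дважды — вероятно, они относились к разным разделам (например, создаваемые и удаляемые файлы). Символ «#» в IP-адресах, по всей видимости, скрывает часть адреса в источнике и не является частью значения.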
- [<HKLM>\SOFTWARE\Classes\.\Shell\open\command] '' = '"Rundll32.exe" "cdmi.ydc" Resetrun'
- %TEMP%\is-3GJ51.tmp\<Имя вируса>.tmp /SL5="$40032,1125282,53248,<Полный путь к вирусу>"
- <SYSTEM32>\rundll32.exe "%WINDIR%\ucd.cpm" setconfig
- <SYSTEM32>\rundll32.exe "%WINDIR%\win32.dcu" backdb
- %WINDIR%\Config.ini
- %WINDIR%\rd.txt
- %WINDIR%\Install.tmp
- %WINDIR%\cdmi.ydc
- %WINDIR%\ucd.cpm
- %WINDIR%\win32.dcu
- %WINDIR%\taobao.ico
- %WINDIR%\Tundata
- %TEMP%\is-7BLM8.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-7BLM8.tmp\InstallDll.dll
- %TEMP%\is-3GJ51.tmp\<Имя вируса>.tmp
- %TEMP%\is-7BLM8.tmp\_isetup\_RegDLL.tmp
- %PROGRAM_FILES%\newname\is-14RK4.tmp
- %PROGRAM_FILES%\newname\unins000.dat
- %PROGRAM_FILES%\newname\is-K7JF4.tmp
- %PROGRAM_FILES%\newname\is-Q88JO.tmp
- %TEMP%\is-7BLM8.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-3GJ51.tmp\<Имя вируса>.tmp
- %TEMP%\is-7BLM8.tmp\InstallDll.dll
- %TEMP%\is-7BLM8.tmp\_isetup\_RegDLL.tmp
- '22#.#89.237.13':82
- 'localhost':1035
- '22#.#3.36.68':8080
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''